-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(integration): sign Admin API requests during integration tests #3177
feat(integration): sign Admin API requests during integration tests #3177
Conversation
packages/backend/src/tests/app.ts
Outdated
signature: generateApiSignature( | ||
config.adminApiSecret, | ||
config.adminApiSignatureVersion, | ||
requestBody | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that the API_SECRET is mandatory, sign graphql requests during tests as well. I was thinking of potentially bypassing signing in tests via flag like if (config.env === "test") don't add the auth middleware
, but this was straightforward
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
edit: because of our replay attack checks, going to use if (config.env === "test") don't add the auth middleware
method
Trying to debug some tests, we have test failures because of the fact that some tests send duplicate requests (with the same resulting signature). We explicitly check for duplicate requests in: rafiki/packages/backend/src/shared/utils.ts Lines 150 to 172 in ee45d61
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Changes proposed in this pull request
backend
(for seeding operator tenant in [Multi-Tenant] Create operator tenant #3149), we need to have request signing for the Admin API in all places. This PR adds signature signing to the integration tests and ignores the signature signing during normalbackend
testsContext
Related to #3149
Checklist
fixes #number
user-docs
label (if necessary)